
Re: firewalling, imap, DMZ's etc.



On Tue, Oct 17, 2006 at 07:20:31PM -0700, Adam D wrote:
> Andrew Sackville-West wrote:
> > Hi list, I need some advice. My work situation has changed such that I
> > now have to get out of my chair and climb out of my basement at
> > frequent but irregular intervals. I live by email and need to connect
> > to my email and possibly my desktop from multiple locations.
> > 
> > 3. redo my smoothwall box into a debian machine as a
> >    firewall/router/dhcp server/etc and put IMAP on that box. I could
> >    lock down that box pretty well and get rid of all kinds of stuff
> >    that I wouldn't need (like SSH as I'd never be sitting at that box
> >    and need to SSH to another, for example, though I'd still need sshd
> >    to get into the thing on occasion.)
> 
> 
> What comes to mind right off the bat would be VPN into your network while you are away to access your files/mail.

VPN is totally foreign to me, I'll have to do some research. Thanks
for the suggestion.

> 
> Otherwise the 3rd one is what I would do.  I have a similar setup with a box as my firewall/router (Debian stable/testing).  I have 4 separate networks that are attached to the box: LAN, wifi, DMZ, Internet/ISP.  I use shorewall and really love setting it up with special rules in the config files (very easy).  I have not yet set it up for port forwarding but it is done in the 'rules' config file.  I also have a separate mail server on the DMZ that fetches the mail, spamassassin, virus scan, and sends it to an internal mail server using cyrus as the IMAP server.  Cyrus is a very good IMAP server with a lot of power but can be a bit much setting it up too.  I like what it offers but there are other good simple IMAP servers as well.

I'm sort of leaning that way. It would also mean that I could be one
step further in my quest to Debianize the whole house :)


> 
> All this can be done easily with one server in the DMZ and people can go into the DMZ from the LAN through the router but not the other way.  Then when you're out and about you can connect to your mail server on your DMZ and read your mail.  Using a DMZ with shorewall is very easy to configure but afaik there are not any GUIs for setting it up.

I'm not afraid of conf files.

> 
> If you do not want to set up a DMZ because of hard resources, power consumption or anything else, you can set up your email server (if you have one internally on your LAN) and have postfix save a copy locally and also forward a copy to i.e. google mail.  I do that for my wife since her work does not have email and she uses google mail for work.  You will have 2 accounts to manage with filing but it makes an easy solution.

I have enough complications in my life and adding another email
account would only add to that, ISTM. I definitely don't want to set
up yet another box if I can help it. I'm running out of room and spare
parts. What are the security implications of running IMAP on my
firewall box, I wonder? Probably no worse than anything else. And with
only that one service running for the world to see, it's probably not
that bad. 

What about this? 

run an IMAP server on the firewall box, but leave the actual mail on
my server inside the LAN? I suppose I could mount them maildirs as an
nfs share. What I wonder are the security issues with that as well.
That would mean I could lighten the load on my poor tired
old firewall box. I suspect it's neither here nor there, though my mail
directories are getting pretty large. I'm running about .5 gig right
now, but I've recently archived a bunch of stuff making it smaller
than usual. 

> 
> Just some extra things to think about while on your project.
> 

thanks.

A
